
AnyConnect 4.5.00058 and Linux, unable to transmit packets

patoberli
VIP Alumni

Hi All

I just recently upgraded AnyConnect in my environment from a 4.3 release to the latest 4.5.00058. This client doesn't seem to work correctly under Linux though; I tested with Mint 18 and Ubuntu 16.04. It establishes the connection successfully, but then stops transmitting any data through the tunnel. I also tested a fresh AC installation and it will not work.

Any ideas?


m_krieger
Level 1

Hi,

Starting with AnyConnect 4.5, the client drops outgoing packets by iptables (tested on Ubuntu 14.04 / 16.04 / 17.04 and openSUSE Leap 42.2 / 42.3).

 

With AnyConnect 4.4 and before, the iptables rules are

...

-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s <tunnelip>/32 -j RETURN
-A ciscovpn -j DROP

...

 

As of AnyConnect 4.5 (including 4.5.01044) there is a new rule dropping *ALL* outgoing traffic via the tunnel:

...

-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s <tunnelip>/32 -j DROP
-A ciscovpn -s <tunnelip>/32 -j RETURN
-A ciscovpn -j DROP

...

 

Any ideas on how to prevent this? Or whether it has already been filed as a bug?

 

Windows & Mac OS X work fine, though

 

Cheers,

Markus
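
The rule-order problem described in the post above, as an added example that is not part of the original post or of Cisco's code: iptables walks a chain top to bottom and stops at the first terminating target, so in the 4.5 rule set the new DROP for `<tunnelip>/32` shadows the RETURN that follows it. The Python sketch below flags such shadowed rules in `iptables-save` output; the tunnel address 192.0.2.10 is a constructed placeholder, and the parser assumes only plain flag/value matches (`-i`, `-o`, `-s`, `-d`).

```python
import ipaddress
import shlex
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}  # targets that end evaluation of this chain
# Constructed samples: the thread's rule sets with <tunnelip> replaced by 192.0.2.10.
AC44_RULES = """\
-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s 192.0.2.10/32 -j RETURN
-A ciscovpn -j DROP
"""
AC45_RULES = """\
-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s 192.0.2.10/32 -j DROP
-A ciscovpn -s 192.0.2.10/32 -j RETURN
-A ciscovpn -j DROP
"""

def parse_chain(text, chain):
    """Return [(matches, target)] for each '-A <chain>' line, in evaluation order."""
    rules = []
    for tok in map(shlex.split, text.splitlines()):
        if tok[:2] == ["-A", chain]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # assumes plain flag/value pairs
            target = opts.pop("-j", None)
            rules.append((opts, target))
    return rules

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    for flag, value in earlier.items():
        if flag in ("-s", "-d") and flag in later:
            a = ipaddress.ip_network(value, strict=False)
            b = ipaddress.ip_network(later[flag], strict=False)
            if a.version != b.version or not b.subnet_of(a):
                return False
        elif later.get(flag) != value:
            return False
    return True

def shadowed(rules):
    """Return (rule_no, shadowed_by, winning_target, dead_target) tuples, 1-based."""
    found = []
    for j, (match_j, target_j) in enumerate(rules):
        for i, (match_i, target_i) in enumerate(rules[:j]):
            if target_i in TERMINATING and covers(match_i, match_j):
                found.append((j + 1, i + 1, target_i, target_j))
                break
    return found

if __name__ == "__main__":
    print(shadowed(parse_chain(AC45_RULES, "ciscovpn")))  # the 4.5 rule set from the thread
```

On a live system the same check can be run over the saved output of `iptables-save` for the `ciscovpn` chain.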

The newly released version 4.5.02033 seems to work now with Ubuntu 16.10:

Tail of the output of iptables-save:

-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s <tunnelip> -s <localLANnet/mask> -o cscotun0 -j DROP
-A ciscovpn -s <tunnelip> -s <169.254.0.0/16> -o cscotun0 -j DROP
-A ciscovpn -s <tunnelip> -o cscotun0 -j RETURN
-A ciscovpn -j DROP

 

regards and greetings to Markus :-)

 

Markus

 

 

Hey,

 

I'm running 4.5.02036 on Fedora 30 and have the following rules:

 

-A ciscovpn -i cscotun0 -j RETURN
-A ciscovpn -s <omitted> -o cscotun0 -j RETURN
-A ciscovpn -j DROP
-A ciscovpnfinal -j ACCEPT
COMMIT

 

However, no packets go through. Any ideas what might be going wrong?
